GCVE-BCP-11 - Sighting Format

adulau · April 28, 2026, 12:51pm

A reminder based on the recent changes from @cedric to create a proper BCP for the description of the Sighting Format.

cedric · April 29, 2026, 7:34pm

I’ve updated the schema available here:

github.com/vulnerability-lookup/vulnerability-lookup

website/web/static/schemas/CIRCL/Sighting.json

main


{
  "$schema": "http://json-schema.org/draft-07/schema#",
  "$id": "https://vulnerability.circl.lu/static/schemas/CIRCL/Sighting.json",
  "type": "object",
  "title": "Sighting format.",
  "description": "This schema specifies the format of a sighting.",
  "required": [
    "uuid",
    "vulnerability_lookup_origin",
    "author",
    "vulnerability",
    "type",
    "creation_timestamp"
  ],
  "additionalProperties": false,
  "properties": {
    "uuid": {
      "type": "string",
      "format": "uuid",

This file has been truncated. show original

A not up-to-date version is available here:
https://vulnerability.circl.lu/static/schemas/CIRCL/Sighting.json

The schemas under ‘‘static/schemas/’’ are directly used by the application in order to validate incoming data (from the API or forms).
For the record we also have this one:
https://vulnerability.circl.lu/static/schemas/GCVE/gcve-bcp-07.json

they are all here:

but sometimes some checks can be bypassed by an admin user…

adulau · April 29, 2026, 8:49pm

Thanks for the detailed input.

Should we go also to describe how we express a sighting and what’s the actual meaning behind it?